1 of 6

Preconfirmation-based Market Manipulation

Alex Watts (@ThogardPvP) | FastLane Labs

2 of 6

Value of a Preconfirmation

A Preconfirmation’s value can be split into two components:�

  • Inclusion
    • The index of a tx relative to other txs (ordering)
    • Example: “Your tx is guaranteed to execute before your competitor’s tx”�
  • Information
    • The result of the tx’s execution (returndata)
    • Example: “Your tx resulted in a swap of 69 JD tokens for 420 URI tokens”�

Efficient Users will stack requests for stateful information into the return data of their preconfirmation request.

3 of 6

Information-based Attack Vectors

Information on an action’s result can impact subsequent actions.�

Examples:

  • “Purchased 1000 JD on AMM” -> “Sell 1000 JD on CEX”
  • “Oracle updated successfully” -> “No new update needed”
  • “Swap on AMM reverted” -> “Initiate another swap on AMM”
  • “X’s balance increased” -> “Y’s intent is handled by X” �

Preconfirmers can attack without violating inclusion guarantees.

  • Induce user behavior that is +EV for preconfirmer.
  • Discourage user behavior that is -EV for preconfirmer.

4 of 6

Example Attack

  • Inclusion + sequencing promises are still honored.�
  • Bots are predictable.
  • Discovery of false return data is subject to latency games.

5 of 6

The Problems with The Solution

  • Solution:
    • Preconfirmer signs returndata
    • hash(hash(returndata), lastHash)�
  • Problems with Solution:
    • Uninsurable*
      • Accurate PnL forecasts
      • Equivocate only when +EV�
    • Reduced scaling factor
      • >3x more L1 gas usage�
    • Reduced tx throughput
      • Collateral-constrained
      • Latency-constrained�
    • Fault Attribution
      • Accident or malicious?
      • Preconfirmer = counterparty?

6 of 6

Downstream Issues / Questions

  • Visibility on tx calldata and returndata for all prior preconfirmed txs is required for independent identification of false returndata�
  • Cross-chain / interop scalability implications.
    • Proposers can frontrun on chain X even if separated from the sequencer
    • Hard to determine sequencer vs proposer fault without ruining throughput.�
  • Slowest users are most at risk.
    • “Proof of Equivocation” is slow… many network hops. �
  • Power users benefit significantly from vertical integration.�
  • Collateral dilution / reuse.
    • “If I’m going to be slashed, I might as well grab as much profit as possible!”